We present an approach for building highly-dependable systems that derive their assurance from a formally-verified operatingsystem which guarantees isolation between subsystems. We leverage those guarantees to enforce security through non-bypassable architectural constraints, and through generation of code and proofs from the architecture. We show that this approach can produce a system that is...

Although some progress has been made in the development of principles to guide the designers of interactive systems, ultimately the only proven method of checking how usable a particular system is must be based on experiment. However, it is also the case that changes that occur at this late stage are very expensive. The need for early design checking increases as software becomes more complex a...

The types of police inquiries performed these days are incredibly diverse. Often data processing architectures are not suited to cope with this diversity since most of the case data is still stored as unstructured text. In this paper Formal Concept Analysis (FCA) is showcased for its exploratory data analysis capabilities in discovering domestic violence intelligence from a dataset of unstructu...

In order to demonstrably satisfy hard real-time deadlines, a system must be predictable, and in particular the kernel must be predictable. In this paper we present and analyse a predictable kernel related to AORTA, a formal design language for hard real-time systems. The features of the kernel allow AORTA designs to be veriiably and semi-automatically implemented, and enable veriied guarantees ...

In this paper, we study ternary optimal formally self-dual codes. Bounds for the highest minimum weight are given for length up to 30 and examples of optimal formally self-dual codes are constructed. For some lengths, we have found formally self-dual codes which have a higher minimum weight than any self-dual code. It is also shown that any optimal formally self-dual [ 10,5,5] code is related t...

A method of formally correct synthesis is presented, and applied to the automatic construction of pipelined processors. The method is based on a repertoire of elementary correctness-preserving transformations which are e ciently cross-checked by an independent formal veri cation tool. Basic pipelining strategies as well as automatic post-synthesis veri cation are provided.

The reduced Witt rings of certain formally real fields are computed here in terms of some basic arithmetic invariants of the fields. For some fields, including the rational function field in one variable over the rational numbers and the rational function field in two variables over the real numbers, this is done by computing the image of the total signature map on the Witt ring. For a wider cl...